Xd4Rker

**Name of the Vulnerable Software and Affected Versions** PHP versions 8.1.x below 8.1.8 **Description** The issue is related to the implementation of the `finfo buffer` function in PHP, which can lead to heap corruption due to the incorrect use of a function to free allocated memory. This is caused by an incorrect patch applied to the third-party code from libmagic. The exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** For PHP versions 8.1.x below 8.1.8, update to version 8.1.8 or later to resolve the issue. As a temporary workaround, consider disabling the use of `finfo buffer` and other fileinfo functions until a patch is applied. Restrict access to sensitive areas of the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PMB versions 4.1.3 and earlier **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in the catalog.php file, which is vulnerable to SQL injection. **Recommendations** For PMB versions 4.1.3 and earlier, consider restricting access to the catalog.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the catalog.php file to minimize the risk of exploitation.